CVE-2022-25050: rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

CVE-2022-25051: An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file.

Patch: https://github.com/merbanan/rtl_433/commit/2dad7b9fc67a1d0bfbe520fbd821678b8f8cc7a8
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=048b1381de72db7437e5c7643bb2c72fa56cc930

commit 048b1381de72db7437e5c7643bb2c72fa56cc930
Author: Rick Farina <zerochaos@gentoo.org>
AuthorDate: 2022-03-16 20:53:38 +0000
Commit: Rick Farina <zerochaos@gentoo.org>
CommitDate: 2022-03-16 20:54:29 +0000

    net-wireless/rtl_433: add CVE fix patch to 21.12

    Bug: https://bugs.gentoo.org/834454
    Signed-off-by: Rick Farina <zerochaos@gentoo.org>

 net-wireless/rtl_433/files/rtl_433-21.12-CVE.patch | 55 ++++++++++++++++++++++
 net-wireless/rtl_433/rtl_433-21.12.ebuild | 4 ++
 2 files changed, 59 insertions(+)
Thanks, all done!